Re: change email in PGP public key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In <[EMAIL PROTECTED]">mid:[EMAIL PROTECTED]>, Norbert Luckhardt [NL] wrote:' NL> that sure was unclear: I meant using this UID to find the NL> appropriate key to encrypt for a given e-mail address (which NL> corresponds to that UID) Ok. NL> e.g. when I have two keys in my keyring with each of them NL> bearing a particular e-mail address, then it's hard to tell, NL> which one a front-end will choose to use... there may be NL> different strategies (using the newer UID by date, checking the NL> self-signature or not, ask the user, ...) Usually it's the first key found bearing the exact UID. - -- Allie C Martin \ TB! v1.62/Beta1 & Windows XP Pro List Moderator/ PGP Key - http://pub-key.ac-martin.com ' -BEGIN PGP SIGNATURE- iD8DBQE9Ys04V8nrYCsHF+IRAkUEAKCzjL4k8zcbNnw1K55L7zOAgO18QgCfeW2b MWLmsVYR//B7gSM1HSEcsdE= =2rLr -END PGP SIGNATURE- __ Archives : http://tbtech.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] Unsubscribe: mailto:[EMAIL PROTECTED]
Re[2]: change email in PGP public key
hi Allie, NL>> more badly You cannot revoke a UID but only the self signature NL>> on it (which may or may not prevent users from encrypting to NL>> this UID) > Encrypting to the UID? What do you mean by this? that sure was unclear: I meant using this UID to find the appropriate key to encrypt for a given e-mail address (which corresponds to that UID) e.g. when I have two keys in my keyring with each of them bearing a particular e-mail address, then it's hard to tell, which one a front-end will choose to use... there may be different strategies (using the newer UID by date, checking the self-signature or not, ask the user, ...) > I'm thinking of revoking the key on the keyservers and continue to > distribute it through a URL link with all messages that I sign. as Dierk Haasis already mentioned: don't do this! anyone who synchronizes with the keyservers cannot use Your key anymore... -- kind regards, Shalom NOrbert using TB 1.61 __ Archives : http://tbtech.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] Unsubscribe: mailto:[EMAIL PROTECTED]
Re: LDAP attribute PKCS#12
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Alexander, @20-Aug-2002, 15:39 +0600 (10:39 UK time) Alexander Leschinsky [AL] in [EMAIL PROTECTED]">mid:[EMAIL PROTECTED] said: AL> SOT AL> Can anybody help me with correct schema definition for storing AL> The Bat addressbooks field Certificate ("userPKCS12;binary:" in AL> The Bat LDIF scheme) into OpenLDAP? AL> Plain and simpliest way - useless, because, after RTFM ... AL> I can't correlate 1-st paragraph with second :-( I'm not surprised! Is this any clearer? ,-=[ http://ldap.akbkhome.com/attribute/userPKCS12.html ]=-< Ldap Schema Viewer Attribute: userPKCS12 Description: PKCS #12 PFX PDU for exchange of personal identity information PKCS #12 [PKCS12] provides a format for exchange of personal identity information. When such information is stored in a directory service, the userPKCS12 attribute should be used. This attribute is to be stored and requested in binary form, as 'userPKCS12;binary'. The attribute values are PFX PDUs stored as octetStrings. [PKCS12] "PKCS #12: Personal Information Exchange Standard", Version 1.0 DRAFT, 30 April 1997. BNC Syntax: 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'PKCS #12 PFX PDU for exchange of personal identity information' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) rfc2798 Syntax: Octet String ID : 1.3.6.1.4.1.1466.115.121.1.40 Values in this syntax are encoded as octet strings. Example: `| - -- Cheers -- .\\arck D Pearlstone -- List moderator TB! v1.61 on Windows 2000 5.0.2195 Service Pack 2 -BEGIN PGP SIGNATURE- Version: 6.5.8ckt build 09 beta 3 iQA/AwUBPWIqvjnkJKuSnc2gEQI07gCg6UKkoWKaCCgKYCKKB43kQGJmfRIAni/8 zSFRbhrPNkg02UIkm3yF++4b =UHju -END PGP SIGNATURE- __ Archives : http://tbtech.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] Unsubscribe: mailto:[EMAIL PROTECTED]
LDAP attribute PKCS#12
Hello tbtech, SOT Can anybody help me with correct schema definition for storing The Bat addressbooks field Certificate ("userPKCS12;binary:" in The Bat LDIF scheme) into OpenLDAP? Plain and simpliest way - useless, because, after RTFM ->8-- from WinClipboard # userPKCS12 # PKCS #12 [PKCS12] provides a format for exchange of personal identity # information. When such information is stored in a directory service, # the userPKCS12 attribute should be used. This attribute is to be stored # and requested in binary form, as 'userPKCS12;binary'. The attribute # values are PFX PDUs stored as binary data. ## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary attributetype ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: PKCS #12 PFX PDU for exchange of personal identity information' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) ->8 I can't correlate 1-st paragraph with second :-( -- Best regards, Alexander Leschinsky - MOTD: Better to write for yourself and have no public, than to write for the public and have no self. Cyril Connolly __ Archives : http://tbtech.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] Unsubscribe: mailto:[EMAIL PROTECTED]